From b910e3298b0ce62249c9479a6364e97a1cdf7d16 Mon Sep 17 00:00:00 2001 From: SQLDbaWithABeard Date: Wed, 27 Apr 2022 08:22:53 +0100 Subject: [PATCH] SaRenamed for v5 adn tested #882 --- Perf Testing pesterv5.ps1 | 4 ++-- Validate v4 adn v5.ps1 | 4 ++-- checks/Instancev5.Tests.ps1 | 13 +++++++++++-- internal/functions/NewGet-AllInstanceInfo.ps1 | 7 +++++++ 4 files changed, 22 insertions(+), 6 deletions(-) diff --git a/Perf Testing pesterv5.ps1 b/Perf Testing pesterv5.ps1 index 6f9b3ddf..6e4b0a88 100644 --- a/Perf Testing pesterv5.ps1 +++ b/Perf Testing pesterv5.ps1 @@ -14,8 +14,8 @@ ipmo ./dbachecks.psd1 # -$Checks = 'DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload', 'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation' -$Checks = 'DefaultFilePath' +$Checks = 'SaRenamed','DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload', 'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation' +$Checks = 'SaRenamed' Compare-CheckRuns -Checks $checks # Load the function below and then you can keep running the checks defined above in v4 and v5 and compare the performance diff --git a/Validate v4 adn v5.ps1 b/Validate v4 adn v5.ps1 index 5a41d504..156411d8 100644 --- a/Validate v4 adn v5.ps1 +++ b/Validate v4 adn v5.ps1 
@@ -14,8 +14,8 @@ ipmo ./dbachecks.psd1 # -$Checks = 'DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload', 'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation' -$Checks = 'DefaultFilePath' +$Checks = 'SaRenamed','DefaultFilePath','AdHocDistributedQueriesEnabled','AdHocWorkload', 'DefaultTrace', 'OleAutomationProceduresDisabled', 'CrossDBOwnershipChaining', 'ScanForStartupProceduresDisabled', 'RemoteAccessDisabled', 'SQLMailXPsDisabled', 'DAC', 'OLEAutomation' +$Checks = 'SaRenamed' Compare-v4andv5Results -Checks $Checks # Load the function below and then you can keep running the checks defined above in v4 and v5 and compare the performance diff --git a/checks/Instancev5.Tests.ps1 b/checks/Instancev5.Tests.ps1 index 04ca1b18..6269fabd 100644 --- a/checks/Instancev5.Tests.ps1 +++ b/checks/Instancev5.Tests.ps1 @@ -68,7 +68,7 @@ Describe "Cross Database Ownership Chaining" -Tag CrossDBOwnershipChaining, Secu } } -Describe "Scan For Startup Procedures" -Tag ScanForStartupProceduresDisabled, Security, CIS, Low, Instance -ForEach $InstancesToTest { +Describe "Scan For Startup Procedures" -Tag ScanForStartupProceduresDisabled, Security, CIS, Low, Instance -ForEach $InstancesToTest { $skip = Get-DbcConfigValue skip.instance.scanforstartupproceduresdisabled Context "Checking Scan For Startup Procedures on <_.Name>" { It "Scan For Startup Procedures is set to <_.ConfigValues.scanforstartupproceduresdisabled> on <_.Name>" -Skip:$skip { 
@@ -77,7 +77,7 @@ Describe "Scan For Startup Procedures" -Tag ScanForStartupProceduresDisabled, S } } -Describe "SQL Mail XPs Disabled" -Tag SQLMailXPsDisabled, Security, CIS, Low, Instance -ForEach $InstancesToTest { +Describe "SQL Mail XPs Disabled" -Tag SQLMailXPsDisabled, Security, CIS, Low, Instance -ForEach $InstancesToTest { $skip = Get-DbcConfigValue skip.instance.SQLMailXPsDisabled Context "Checking SQL Mail XPs on <_.Name>" { It "SQL Mail XPs should be disabled on <_.Name>" -Skip:($skip -or $psitem.VersionMajor -gt 10) { @@ -131,3 +131,12 @@ Describe "Default File Path" -Tag DefaultFilePath, Instance -ForEach $InstancesT } } } + +Describe "SA Login Renamed" -Tag SaRenamed, DISA, CIS, Medium, Instance -ForEach $InstancesToTest { + Context "Checking that sa login has been renamed on <_.Name>" { + It "sa login has been renamed on <_.Name>" { + ($PsItem.Logins.Name) | Should -Not -BeIn 'sa' -Because "Renaming the sa account is a requirement" + } + } +} + diff --git a/internal/functions/NewGet-AllInstanceInfo.ps1 b/internal/functions/NewGet-AllInstanceInfo.ps1 index 9eccf540..f72c5b29 100644 --- a/internal/functions/NewGet-AllInstanceInfo.ps1 +++ b/internal/functions/NewGet-AllInstanceInfo.ps1 @@ -26,6 +26,9 @@ function NewGet-AllInstanceInfo { # Settings Initial Fields $SettingsInitFields = $Instance.GetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Settings]) + # Login Initial Fields + $LoginInitFields = $Instance.GetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Login]) + # Configuration cannot have default init fields :-) $configurations = $false @@ -77,6 +80,9 @@ function NewGet-AllInstanceInfo { $SettingsInitFields.Add("DefaultLog") | Out-Null # so we can check file paths $Instance.SetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Settings], $SettingsInitFields) } + 'SaRenamed' { + + } Default { } } 
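Review bot: The assertion in the new `SA Login Renamed` Describe (`($PsItem.Logins.Name) | Should -Not -BeIn 'sa'`) identifies the account by name only and appears to fail open: if `$PsItem.Logins` comes back empty, for example because the connecting account cannot enumerate logins, nothing reaches `Should` and the test would pass without checking anything. Matching by name also reports a failure when the built-in account has already been renamed and a separate, unprivileged login called `sa` exists. Consider asserting that the collection is populated and then testing the built-in account by its fixed principal id, e.g. `$PsItem.Logins | Should -Not -BeNullOrEmpty` followed by `($PsItem.Logins | Where-Object ID -eq 1).Name | Should -Not -Be 'sa' -Because "Renaming the sa account is a requirement"`. Unlike the other Describe blocks visible in this file, this one has no `$skip = Get-DbcConfigValue …` with `-Skip:$skip`, so it cannot be switched off through configuration.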
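Review bot: `$LoginInitFields` is fetched in the `@@ -26,6 +26,9 @@` hunk of NewGet-AllInstanceInfo.ps1 but nothing visible uses it: the new `'SaRenamed'` case in the `@@ -77,6 +80,9 @@` hunk is empty, so no `SetDefaultInitFields` call is made for the Login type. Either fill the case in the same way as the Settings case directly above it, ending with `$Instance.SetDefaultInitFields([Microsoft.SqlServer.Management.Smo.Login], $LoginInitFields)`, or drop the variable and the empty case until they are needed. The final hunk (`@@ -93,6 +99,7 @@`) then adds `Logins = $Instance.Logins` unconditionally, whereas `Configuration` two lines earlier is only populated when its flag is set; gating Logins on a flag set in the `'SaRenamed'` case would keep the login collection out of the result object for runs that do not need it. The function body starts and ends outside these hunks, so a later use of `$LoginInitFields` cannot be ruled out from here.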
@@ -93,6 +99,7 @@ function NewGet-AllInstanceInfo { VersionMajor = $Instance.VersionMajor Configuration = if ($configurations) { $Instance.Configuration } else { $null } Settings = $Instance.Settings + Logins = $Instance.Logins } if ($ScanForStartupProceduresDisabled) { $StartUpSPs = $Instance.Databases['master'].StoredProcedures.Where{ $_. Name -ne 'sp_MSrepl_startup' -and $_.StartUp -eq $true }.count